The 10 Worst Data Breaches of 2013

This breach stood out in two unique ways. First, it was one of the first major breaches to hit a popular consumer site. As Paul Lipman, CEO of Total Defense, said:

"Attackers having access to those users’ information (name, email, password, buying history), from a site where there is already a level of trust established, as well as urgency of message (timed deals), could lead to spear-phishing attempts in the future (such as purported emails from vendors of previous purchases, or fake new offers). This attack highlights the continued need for endpoint and email security, where any malware introduced has the chance to move laterally within a network."

Encrypted password hashes can be "cracked" with computer software that essentially tries millions of different possible passwords looking for a match. The bad guys will successfully crack the passwords of many LivingSocial users, and knowing the password, name, and email address for a person, they may be able to break into other accounts that those people maintain on other websites.

According to the Identity Theft Resource Center, as of December 3, 558 breaches have been reported in 2013, and we still have nearly a full month left for more potential breaches. These breaches hit across industries; no one is immune. In late November, BitSight Technologies released a report that investigated how well specific industries were doing in their security efforts. According to the survey, the financial industry has performed the best when it comes to security effectiveness.

One of the more surprising breaches named by experts was former NSA contractor Edward Snowden’s leaks about the extent of the U.S. intelligence community’s Internet surveillance. The data breach was significant for many reasons, starting with what was revealed: pervasive signals intelligence, subversion of encryption standards, collaboration with overseas intelligence communities and many other bombshells.

Other breaches were more predictable, involving stolen devices or phishing scams. Many of the breaches are blamed on foreign hackers and cyber criminals. But the end result is that all of these breaches caused significant damage to businesses and customers. As Costin Raiu, director, Global Research and Analysis Team, Kaspersky Lab, stated:

"We predicted 2012 to be revealing and 2013 to be eye opening. That forecast proved correct – 2013 showed that everybody is in the same boat. In truth, any organization or person can become a victim. Not all attacks involve high-profile targets, or those involved in ‘critical infrastructure’ projects. Those who hold data could be of value to cybercriminals, or they can be used as ‘stepping-stones’ to reach other targets."